Malware Analysis in Python

Overview

This is a python program I am developing to allow easy analysis of malware. Future iterations of this program will include a Flask web server displaying information obtained from the scans.

TODO

• [ ] Finish registry baselineing (Check more than just startup) - In work
• [X] Network baseline
  • Is there a faster way other than using sockets to check all 65535 ports?
• [ ] Intergrate Flask web framework - In work
• [ ] Docker / cloud intergration
• [ ] Fix the way it gets strings of the binary
• [ ] Check for packed binary
• [ ] Create tests
• [ ] Change to a package type system for easier imports from different directories?

Usage

For flask setup in powershell:

$env:FLASK_APP = ".\webserver.py"
$env:FLASK_ENV=development

For using analyze_malware

import analyze_malware

malware = AnalyzeMalware("filename.exe")
md5 = malware.get_hash()
for item in malware.search_strings():
    print(f"String: {item}")
for item in test.registry_baseline():
    print(f"Startup Registry: {item}")
network_test = test.network_baseline()
print(network_test)